Org-level policies. Sensitive credentials are stored encrypted.
Adjustments larger than this require a second-user approval.
Require manager approval for high-risk actions